My Oracle Support Banner

JDK Has Expired CA Certificates in "cacerts" Kyestore (Doc ID 2896638.1)

Last updated on SEPTEMBER 22, 2022

Applies to:

Java SE JDK and JRE - Version 8 and later
Information in this document applies to any platform.


JDK has several expired CA certificates in the default trust keystore $JAVA_HOME/lib/security/cacerts.

What should I do?


For example, JDK 1.8.0_341 includes the following expired CA certificats.



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.